Regulation in other jurisdictions

55.29 As discussed above, the credit reporting provisions of Part IIIA provide an exhaustive list of the kinds of personal information that may be included in a credit information file or credit report. The collection of other kinds of information, including information about credit granted to individuals—such as credit limits or current balances—is not permitted.

55.30 How this aspect of credit reporting is regulated in other jurisdictions is considered in more detail below.[37] The following table compares, in summary, the information allowed in credit reports in Australia, New Zealand, Germany, Singapore, the United Kingdom (UK), Hong Kong, Canada, the United States (US) and Japan.[38]

Table 55–1 International Credit Reporting Information

 

Bankruptcy

Court judgment

Default

Credit inquiries

Credit limit

Payment history

Employer

Account balance

Australia

New Zealand

Germany

Singapore

UK

Hong Kong

Canada

US

Japan

New Zealand

55.31 New Zealand is another jurisdiction in which more comprehensive credit reporting is effectively prohibited. In that jurisdiction, credit reporting is regulated by a binding code issued by the Privacy Commissioner under the Privacy Act 1993 (NZ).[39]

55.32 The Credit Reporting Privacy Code 2004 (NZ) (the NZ Code) provides that a credit reporting agency must not collect personal information for the purpose of credit reporting unless it is ‘credit information’.[40] Briefly, credit information is defined exhaustively and includes identification information, information about credit applications, credit default information, judgment and bankruptcy information, serious credit infringements and information from public registers.[41]

55.33 While the information permitted by the NZ Code is in some respects broader than that permitted under Part IIIA,[42] the permitted content of credit reports closely replicates the position in Australia. Importantly, the NZ Code does not permit a credit reporter to collect information about an individual’s current credit commitments and facilities.

United States

55.34 In the US, credit reporting is regulated under the Fair Credit Reporting Act 1970 (US) (FCRA) by the Federal Trade Commission. The FCRA does not limit the permissible content of credit information files held by credit reporting agencies or the content of credit reports.[43]

55.35 Major credit reporting agencies in the US hold and report detailed information about individuals’ credit accounts including, but not limited to, current balances, credit limits, amounts past due, payment performance and payment status pattern and account descriptions.[44] Credit reporting agencies receive information from credit providers and others, generally every month, and update their credit files within one to seven days of receiving new information.[45]

United Kingdom

55.36 In the UK, credit reporting agencies are regulated by both the Consumer Credit Act 1974 (UK) and the Data Protection Act 1998 (UK)—the latter being the equivalent of the Australian Privacy Act.

55.37 Neither the Consumer Credit Act nor the Data Protection Act specifically limits the permissible content of credit information files. The Consumer Credit Act deals only with individuals’ rights of access to, and correction of, credit information about them.[46] Under the Data Protection Act, a ‘data controller’ (which may include a credit reporting agency) must comply with the data protection principles (DPPs) set out in the Act. These include DPP 3, which provides that ‘personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed’.[47]

55.38 The information held by credit reporting agencies in the UK, and contained in credit reports, includes: data about the date accounts are opened; the credit limit or amount of the loan; payment terms; payment history; and payment arrangements entered into with the credit provider.[48] Unlike in the US, information on credit account balances is not collected.

Other jurisdictions

55.39 A 2006 report prepared for MasterCard Worldwide (MasterCard) summarised the key features of the regulatory systems for credit reporting in more than a dozen countries.[49] All the countries studied, with the exception of France, were said to permit more comprehensive credit reporting than in Australia.

55.40 A comparison was made of the kinds of information held by credit reporting agencies in Australia, the US, the UK, Germany, Canada, Japan, Hong Kong and Singapore.[50] This showed that in all countries except Australia, credit reporting agencies collect information about individuals’ credit limits and payment history. In addition, credit reporting agencies in the US, Japan and Hong Kong also hold information about individuals’ credit account balances.

55.41 Hong Kong implemented its regime of more comprehensive credit reporting in 2003, in part due to concern about levels of debt default and bankruptcy.[51] The Hong Kong Monetary Authority considered that the sharing by banks of more comprehensive information—through credit reporting agencies and subject to information privacy legislation—would help to promote a more effective banking system.[52]

Lessons for Australia

55.42 Stakeholders that advocated more comprehensive credit reporting continued to contrast the position in Australia with that in jurisdictions overseas. For example, Veda Advantage noted that Hong Kong, Belgium, Greece, India and South Africa have all implemented models of more comprehensive reporting in the past five years.[53] American Express highlighted what it saw as the advantages of the systems in the US, UK, Hong Kong and Canada.[54]

55.43 While most other comparable jurisdictions permit credit reporting agencies to collect a broader spectrum of information than is permitted in Australia, this is not universally true. A number of jurisdictions—such as France, Spain and New Zealand—possess comparable restrictions to Australia in relation to the types of personal information that may be collected and used in credit reporting.[55]

[37] Material on the regulation of credit reporting in other jurisdictions is drawn, in part, from: Centre for International Economics and Edgar Dunn and Company, Options for Implementation of Comprehensive Credit Reporting in Australia [Prepared for MasterCard Worldwide] (2006).

[38] This table is drawn, in part, from: Ibid, Table 2.4.

[39]Credit Reporting Privacy Code 2004 (NZ) under Privacy Act 1993 (NZ) s 46.

[40]Credit Reporting Privacy Code 2004 (NZ) r 1(2).

[41] Ibid cl 5.

[42] For example, the NZ Code allows the collection of ‘information relating to identification documents reported lost or stolen or otherwise compromised’ and ‘credit scores’: Ibid cl 5.

[43]Fair Credit Reporting Act 1970 15 USC § 1681 (US).

[44] R Avery and others, ‘An Overview of Consumer Data and Credit Reporting’ (2003) (February) Federal Reserve Bulletin 47, 54.

[45] Ibid, 49.

[46]Consumer Credit Act 1974 (UK) ss 157–160.

[47]Data Protection Act 1998 (UK) sch 1, pt 1.

[48] Centre for International Economics and Edgar Dunn and Company, Options for Implementation of Comprehensive Credit Reporting in Australia [Prepared for MasterCard Worldwide] (2006), 79; United Kingdom Government Information Commissioner’s Office, Data Protection: Credit Explained (2006), 8, 13.

[49] Centre for International Economics and Edgar Dunn and Company, Options for Implementation of Comprehensive Credit Reporting in Australia [Prepared for MasterCard Worldwide] (2006). The countries reviewed include the US, Canada, the UK, Germany, France, Italy, Belgium, South Africa, Japan, Hong Kong, South Korea, Singapore, Mexico and selected countries in Central and South America.

[50]In some of these jurisdictions, credit reporting information is held by public credit registries rather than private sector credit reporting agencies. Public credit registries are operated by governments, usually banking and finance industry regulators that are similar, for example, to the Australian Prudential Regulation Authority: see Ibid, 9–11.

[51] Ibid, 112.

[52] Ibid, 112.

[53] Veda Advantage, Submission PR 272, 29 March 2007.

[54] American Express, Submission PR 257, 16 March 2007.

[55] Centre for International Economics and Edgar Dunn and Company, Options for Implementation of Comprehensive Credit Reporting in Australia [Prepared for MasterCard Worldwide] (2006), 12; J Peace, ‘Knowing Your Customer: An Advantage for Business and Individuals?’ (Paper presented at 28th International Conference of Data Protection Commissioners, London, 2 November 2006).